Page 1 of 1

Ignoring/Stopping tracking hit emails for specific local user

Posted: 08 Mar 2020, 19:12
by h2ojunkie
I have a sandbox server that mimics my live site. We have some CRM systems that make outbound connections to smtp servers on port 995. And since our sandbox is sync'd/refreshed regularly with our live site, I've blocked outbound port 995 on our sandbox to prevent the sandbox "copy" of the live servers from accidentally ever retrieving customer email from our POP servers. I can't disable the cron that triggers the CRM to fetch the mail, since that would disable all other functions controlled by that same cron, and we need those running on sandbox for development purposes.

The side affect of blocking port 995 on the sandbox, is the unix users that do attempt the outbound connection to retrieve email end up triggering the Tracking Hit in LFD, and in the process also sending email alerts to me (which clutter the inbox of alerts I actually need to see).

Example:
lfd on sandbox.com: UID 1003 (sandboxuser) Tracking Hit

Time: Sun Mar 8 11:30:04 2020 -0800
UID: 1003 (sandboxuser)
Hits: 11
Mar 8 11:25:08 sandbox kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=<serverIP> DST=<pop server IP> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=32390 DF PROTO=TCP SPT=42618 DPT=995 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1003 GID=1003

Is there a way I can "ignore" tracking hits from the "sandboxuser" to port "995" only? I tried adding port 995 to the DROP_NOLOG in hopes that would stop triggering the tracking hits, but that didn't work.

Any suggestions for what options I have to ignore or disable the tracking hit ONLY for outbound to port 995 (and ideally, only from a specific unix user)

Thanks!